Changeset f77a256 for fedd

Timestamp:

Jan 11, 2012 4:02:07 PM (12 years ago)

Author:

Ted Faber <faber@…>

Branches:

compt_changes, info-ops, master

Children:

6886c5a

Parents:

ee950c2

Message:

DETER plugin can act as users now

Location:

fedd

Files:

• access_to_abac.py (modified) (4 diffs)
• db_to_certs.py (added)
• deter_exp_access_db.py (added)
• federation/emulab_access.py (modified) (15 diffs)

fedd/access_to_abac.py

@@ -71 +71 @@
 #  All the local parsing functions get the unparsed remainder of the line
 #  (after the three-name and the attribute it maps to), the credential list to
-#  add the new ABAC credential(s) that will be mapped into the loacl
+#  add the new ABAC credential(s) that will be mapped into the local
 #  credentials, the fedid of this entity, a dict mapping the local credentials
 #  to ABAC credentials that are required to exercise those local rights and the
@@ -77 +77 @@
 def parse_emulab(l, creds, me, to_id, p, gp, gu, lr):
     '''
-    Parse the emulab (project, allocation_user, access_user) format.  Access
-    users are deprecates and allocation users used for both.  This fuction
-    collapses them.
-    '''
-    right_side_str = '\s*,\s*\(\s*%s\s*,\s*%s\s*,\s*%s\s*\)' % \
-            (proj_same_str, id_same_str,id_same_str)
+    Parse the emulab (project, allocation_user, cert_file) format. 
+    '''
+    right_side_str = '\s*,\s*\(\s*%s\s*,\s*%s\s*,\s*(%s)\s*\)' % \
+            (proj_same_str, id_same_str,path_str)
 
     m = re.match(right_side_str, l)
     if m:
-        project, user = m.group(1,2)
+        project, user, cert = m.group(1,2,3)
         # Resolve "<same>"s in project and user
         if project == '<same>':
@@ -114 +112 @@
                 [attribute(p, x, lr) for x in (gp, gu) if x is not None])
         creds.add(c)
-        if (project, user) in to_id: to_id[(project,user)].append(c)
-        else: to_id[(project,user)] = [ c ]
+        if (project, user,cert) in to_id: to_id[(project,user,cert)].append(c)
+        else: to_id[(project,user,cert)] = [ c ]
     else:
         raise parse_error("Badly formatted local mapping: %s" % l)
@@ -320 +318 @@
 id_str = '[a-zA-Z][\w_-]*'
 proj_str = '[a-zA-Z][\w_/-]*'
-path_str = '[a-zA-Z_/\.-]+'
+path_str = '[a-zA-Z0-9_/\.-]+'
 id_any_str = '(%s|<any>)' % id_str
 proj_any_str = '(%s|<any>)' % proj_str

fedd/federation/emulab_access.py

@@ -176 +176 @@
     def access_tuple(str):
         """
-        Convert a string of the form (id, id) into an access_project.  This is
-        called by read_access to convert to local attributes.  It returns
-        a tuple of the form (project, user).
+        Convert a string of the form (id, id, id) into an access_project.  This
+        is called by read_access to convert to local attributes.  It returns a
+        tuple of the form (project, user, certificate_file).
         """
 
         str = str.strip()
-        if str.startswith('(') and str.endswith(')') and str.count(',') == 1:
+        if str.startswith('(') and str.endswith(')') and str.count(',') == 2:
             # The slice takes the parens off the string.
-            proj, user = str[1:-1].split(',')
-            return (proj.strip(), user.strip())
+            proj, user, cert = str[1:-1].split(',')
+            return (proj.strip(), user.strip(), cert.strip())
         else:
             raise self.parse_error(
-                    'Bad mapping (unbalanced parens or more than 1 comma)')
+                    'Bad mapping (unbalanced parens or more than 2 commas)')
 
     # RequestAccess support routines
 
-    def save_project_state(self, aid, pname, uname, owners):
+    def save_project_state(self, aid, pname, uname, certf, owners):
         """
         Save the project, user, and owners associated with this allocation.
@@ -201 +201 @@
         self.allocation[aid]['project'] = pname
         self.allocation[aid]['user'] = uname
+        self.allocation[aid]['cert'] = certf
         self.allocation[aid]['owners'] = owners
         self.write_state()
@@ -272 +273 @@
         aid = unicode(allocID)
 
-        pname, uname = self.save_project_state(aid, found[0], found[1], owners)
+        pname, uname = self.save_project_state(aid, found[0], found[1], 
+                found[2], owners)
 
         services, svc_state = self.export_services(req.get('service',[]),
@@ -690 +692 @@
         if aid in self.allocation:
             user = self.allocation[aid].get('user', None)
+            cert = self.allocation[aid].get('cert', None)
             self.allocation[aid]['experiment'] = ename
             self.allocation[aid]['nonce'] = nonce_experiment
@@ -711 +714 @@
                     "Can't find creation user for %s" %aid)
 
-        return (ename, proj, user, pubkey_base, secretkey_base, alloc_log)
+        return (ename, proj, user, cert, pubkey_base, secretkey_base, alloc_log)
 
     def decorate_topology(self, info, t):
@@ -853 +856 @@
         try:
             self.retrieve_software(topo, certfile, softdir)
-            ename, proj, user, pubkey_base, secretkey_base, alloc_log = \
-                    self.initialize_experiment_info(attrs, aid, 
-                            certfile, tmpdir)
+            ename, proj, user, xmlrpc_cert, pubkey_base, secretkey_base, \
+                alloc_log =  self.initialize_experiment_info(attrs, aid, 
+                        certfile, tmpdir)
 
             if '/' in proj: proj, gid = proj.split('/')
@@ -877 +880 @@
             starter = self.start_segment(keyfile=self.ssh_privkey_file, 
                     debug=self.create_debug, log=alloc_log, boss=self.boss,
-                    ops=self.ops, cert=self.xmlrpc_cert)
+                    ops=self.ops, cert=xmlrpc_cert)
             rv = starter(self, ename, proj, user, expfile, tmpdir, gid=gid)
         except service_error, e:
@@ -918 +921 @@
             proj = self.allocation[aid].get('project', None)
             user = self.allocation[aid].get('user', None)
+            xmlrpc_cert = self.allocation[aid].get('cert', None)
             ename = self.allocation[aid].get('experiment', None)
             nonce = self.allocation[aid].get('nonce', False)
@@ -925 +929 @@
             ename = None
             nonce = False
+            xmlrpc_cert = None
         self.state_lock.release()
 
@@ -942 +947 @@
         stopper = self.stop_segment(keyfile=self.ssh_privkey_file,
                 debug=self.create_debug, boss=self.boss, ops=self.ops,
-                cert=self.xmlrpc_cert)
+                cert=xmlrpc_cert)
         stopper(self, user, proj, ename, gid, nonce)
         return { 'allocID': req['allocID'], 'proof': proof.to_dict() }
@@ -966 +971 @@
             proj = self.allocation[aid].get('project', None)
             user = self.allocation[aid].get('user', None)
+            xmlrpc_cert = self.allocation[aid].get('cert', None)
             ename = self.allocation[aid].get('experiment', None)
         else:
@@ -972 +978 @@
             ename = None
             topo = None
+            xmlrpc_cert = None
         self.state_lock.release()
 
@@ -989 +996 @@
         info = self.info_segment(keyfile=self.ssh_privkey_file,
                 debug=self.create_debug, boss=self.boss, ops=self.ops,
-                cert=self.xmlrpc_cert)
+                cert=xmlrpc_cert)
         info(self, user, proj, ename)
         self.decorate_topology(info, topo)
@@ -1038 +1045 @@
             raise service_error(service_error.req, "no targets")
 
+        self.state_lock.acquire()
         if aid in self.allocation:
             topo = self.allocation[aid].get('topo', None)
             if topo: topo = topo.clone()
+            xmlrpc_cert = self.allocation[aid].get('cert', None)
         else:
             topo = None
+            xmlrpc_cert = None
+        self.state_lock.release()
 
         targets = copy.copy(targets)
@@ -1058 +1069 @@
         ops = self.operation_segment(keyfile=self.ssh_privkey_file,
                 debug=self.create_debug, boss=self.boss, ops=self.ops,
-                cert=self.xmlrpc_cert)
+                cert=xmlrpc_cert)
         ops(self, op, ptargets, params, topo)